As Intel, AMD, and other CPU manufacturers have started releasing CPU microcode (firmware) updates for processor models affected by the Meltdown and Spectre patches, those updates are trickling down to OEMs and motherboard vendors, who are now integrating these patches into BIOS/UEFI updates for affected PCs.
Lenovo engineers have discovered a backdoor in the firmware of RackSwitch and BladeCenter networking switches. The company released firmware updates earlier this week.
AMD officially admitted today that its processors are not vulnerable to the Meltdown bug, but are affected by both variants of the Spectre flaw.
A security researcher is urging owners of Western Digital MyCloud NAS devices to update the firmware of their portable hard-drives to fix a series of important security bugs he reported to the vendor, among which there is an easy exploitable and wormable hardcoded (backdoor) account.
TP-Link's European sites are falling behind when it comes to providing firmware updates, said Daniel Aleksandersen, a Norwegian technology expert, on Monday.
Alex Matrosov, a security researcher for Cylance, has discovered several flaws in how some motherboard vendors implemented Intel's UEFI BIOS firmware into their products.
Some Macs running up-to-date versions of their operating system may not be running the latest EFI firmware version, exposing users to firmware attacks, according to a 63-page report published today by security researchers from Duo Labs.
A botched firmware update for Samsung smart TVs has left many owners unable to use their devices, two weeks after it happened.
A hacker who goes online only by the pseudonym of Xerub has released the decryption key for Apple's Secure Enclave Processor (SEP) firmware.
On Tuesday, August 8, smart locks manufacturer LockState botched an over-the-air firmware update for its WiFi enabled smart locks, causing the devices to lose connectivity to the vendor's servers and the ability to open doors for its users.
Security researchers have found malware inside the firmware of several low-cost Android smartphones, such as Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.
A "smart" dildo with an embedded video camera, sold under the name of Siime Eye and created and assembled by US manufacturer Svakom, contains a slew of security flaws that allow attackers to watch video streams without authorization and even go as far as to replace firmware and completely take over the device.
Yesterday, at the BlackHat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed two vulnerabilities in the firmware of Gigabyte BRIX small computing devices, which allow an attacker to write malicious content to the UEFI firmware.
The backdoor found in the firmware of various low-end Android smartphones, which was traced back to a Chinese company, was active since July this year, according to mobile security firm Trustlook.
Security researchers have found malware hidden in the firmware of several low-end Android smartphones and tablets, malware which is used to show ads and install unwanted apps on the devices of unsuspecting users.